Related articles

Deploying Storage Connector in Azure or AWS

About Syncplicity StorageVaults

Please read About Syncplicity StorageVaults before reading this article. The information in this article pertains to installing the Storage Connector in a Cloud environment. If installing the Storage Connector within your on-premise environment, see the on-premise Prerequisites article.

To configure Syncplicity StorageVault(s), you need at minimum two Storage Connector instances. Additional Storage Connectors can be deployed for Scalability and High Availability purposes.

Before installing Storage Connector, make sure your cloud environment meets the following prerequisites:

Cloud Storage Requirements

Virtual Machine Requirements

Operating System Requirements

Network Configuration

Cloud Storage Requirements

Storage Connector supports the following storage types for the Cloud deployment:

Amazon S3 storage

Microsoft Azure blob storage

Virtual Machine Requirements

The Storage Connector is supplied as an RPM installation package file and installed on a separate virtual machine (VM). Each VM, which will be exclusively used to run the Storage Connector application, must meet the following requirements:

Operating System Requirements

Storage connector is supported on the CentOS 7.X 64bit (x64) operating system. For security reasons we recommend all latest security patches to be installed. In this deployment customers are responsible for provisioning the underlying virtual machine image which serves as the base for the Syncplicity software deployed as an rpm package. As a result, the underlying server OS does not receive system level patches. Therefore we encourage you to apply your own patching and hardening regimen following the standard operating procedures for your enterprise.

Network configuration

The Storage Connector supports Cloud deployment with the following requirements:

In the VPC network, you must deploy an externally-addressable SSL-offloading load balancer in front of all virtual machines, configured with a Certificate Authority (CA) signed (NOT self-signed) SSL certificate.

The Storage Connector instances should be inside the private subnet.

Proper firewall rules (security groups) must be created to allow access to the Load balancer and to the Storage Connectors.

The following diagram shows a typical example.

The Storage Connector requires specific inbound and outbound ports to be open, as specified in the following tables.

Inbound port requirements

In order for the Syncplicity clients to connect to the Storage Connector application from the Internet, the following inbound ports must be open.

Connection

Port #

Protocol

From the Internet to the Load balancer.

443

HTTPS

From the Load Balancer to the Storage Connector virtual machines.

9000

HTTP

From trusted hosts used to manage the Storage Connector to the Storage Connector virtual machines.

22

TCP

Known Limitations:

Best practice for inbound traffic from all endpoints to the Storage Connectors is to terminate SSL traffic at a front-end load balancer. This serves to optimize the performance of the Storage Connector by transferring the workload of SSL termination to the load balancer. When using the Azure Application Gateway to perform Load Balancing, a limitation was identified where the Application Gateway is only able to process file downloads no larger than 30MB per file. Third-party Load Balancers are available in Azure and can be used as an alternative.

Outbound Port Requirements

In general, traffic outbound to external hosts on port 443 should be allowed. If for some reason this is not so, at least the following should be allowed.

From the Syncplicity Storage Connector virtual machines to centos.org.

Note: Only required during the OS update procedure to allow for RPM dependency.

80

HTTP

Amazon S3 storage network requirements

To enable the Storage Connector application to connect to Amazon S3 storage, the following outbound ports must be open:

Connection

Port #

Protocol

From the Storage Connector virtual machines to Amazon API endpoints in the chosen AWS Region

443

HTTPS

Known Limitations:

Some AWS regions do not support Signature Version 2 regardless of the AWS service being used. The current version of Syncplicity Storage Connector cannot be deployed in these regions as it requires Signature Version 2. For a list of AWS regions that do not support Signature Version 2, refer to http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html.

Microsoft Azure blob storage network requirements

To enable the Storage Connector application to connect to Microsoft Azure blob storage, the following outbound ports must be open: